Lessons from 6 Huge Password Hacks of 2015

2015 was a groundbreaking year for passwords and data security – a staggering number of data breaches were reported in the media and, we think, more people are thinking about their password security than ever before. We wanted to take a retrospective look at the biggest password hacks of 2015 and see what we can learn to make 2016 – the year of the monkey – also the year of better passwords and safer accounts.

What We’ve Learned From 2015’s Biggest Password Hacks

VTech

When toys become targets, it makes us take a second look. This goes down as one of the worst password hacks of 2015 because it involved almost 5 million records and 200,000 profiles that included children’s first names, genders and birth dates. Poor password security and other sub-par infrastructure contributed to the breach. The news of this hack spurred our recent article on the top toys of 2015 and how their privacy policies stack up to protect our youngest citizens.

Lesson learned: Do your research and know how your child’s data is being handled by today’s tech toy companies.

Ashley Madison

From kids to… Well, the AshleyMadison.com hack made international headlines this year when 37 million users were exposed through a hack by a group called “The Impact Team,” which threatened to expose the list if the site did not shut down. When the company did not comply, the group followed through and gave the world a list of cheaters a mile long – including 11 million easily crackable passwords that included gems like “superman,” “ashleymadison,” and, our favorite, “password.” This was one for the password hacks record book!

Lesson learned: If you’re going to participate in online… activities, be sure to protect your account with a strong, unique password!

CVS, Walgreens, Costco, Rite Aid, Sam’s Club

This password hack didn’t make front-page headlines like Ms. Madison, but it affected untold millions of people looking to order photo prints online through one of a handful of major shopping outlets, all clients of Vancouver-based PNI Digital Media Inc. Credit card data, email and mailing addresses, phone numbers and passwords were taken via these online photo portals, which were temporarily shut down while the hack was investigated. To this day, we have not been able to uncover much about the results of that investigation.

Lesson learned: Keep a regular watch on your online banking accounts, and perhaps even dedicate one credit card (with a low limit) to online purchases to help protect against financial risks that might be out of your control.

UCLA Health

This data hack makes the list because this organization failed to take basic security measures to protect user data. We talk about encryption all the time here at SpeedyPassword, and this is something that UCLA Health had failed to do, which played a part in 4.5 million records (including medical records and Social Security numbers) being hit by a massive hack in July. Encryption ensures that data cannot be deciphered by third parties who are not authorized to access it. Talk about a major whoops!

Lesson learned: Look into the security policies of companies and organizations handling large amounts of your personal data. Who knows what holes you might find?

LastPass

We would be remiss if we didn’t discuss the 2015 hack that happened in our world: Password manager LastPass was hacked and the irony of a password protection service not protecting its passwords made for some interesting news headlines! In the end, no user data was actually compromised. And, as LastPass discussed in their online release, having a password manager protecting accounts with strong, unique passwords is still a more secure solution than using the same, hackable password across all major accounts and data. Yep, a password manager is more secure than “password” – we agree with that!

Lesson learned: Everyone is a target. However, companies that have the right security measures in place are best set up for success.

OPM Breach

We reported on this hack earlier this year – remember those 22 million government employees who had their fingerprints stolen? That’s not to mention all of the other sensitive and classified data in personnel records that was taken. Because this hack is a matter of US national security, it is one of the most serious password hacks of 2015. The cybercriminals are unknown to this day – but one thing that is known is that poor passwords might have had a role to play in the breach.

Lesson learned: Do your part in your company’s overall security efforts and protect your accounts with strong passwords. Be wary of attacks that could come your way via email phishing or other methods and report anything suspicious to your IT department.

Will 2016 be the year we stop monkeying around and get serious about our passwords? Only time will tell. We, for one, hope we have fewer password hacks to report on next year. Here’s to 2016!